Apostrophes not being escaped in new server environment

67 views Asked by At

I've moved a site to a new server and am having trouble determining why the old server properly handles apostrophes in a back end form and the new server does not (breaks sql query).

The site is around 12-13 years old and is very archaic, it does not use prepared statements or mysql_real_escape_string(). For now I'm sending the user input through mysql_real_escape_string() as a temporary fix but my real question is why one server handles it differently than the other with identical files and database.

The difference in environments is as follows:

Old server

mysql: 5.1.72-rel14.10
php: 5.3.29
mysql mode: ""

New server

mysql: 5.5.42-cll
php: 5.4.41
mysql mode: ""

The database was mysqldump'd from the old server and added to the new server. I've read through the Upgrading from MySQL 5.1 to 5.5 guide and didn't come across anything that could be an issue.

I've tried setting sql_mode to include ANSI with no results.

What could be causing the difference between environments?

If I've left out any critical information let me know.

UPDATE:

Ormoz pointed out that it could be a magic quotes issue, after checking I see that it is indeed enabled on the old server and not the new. I also see that magic quotes was removed in PHP 5.4 - is there an alternative to globally add a similar feature or would a downgrade to php 5.3 be the only way outside of reworking every SQL query?

0

There are 0 answers